From 0041a78ef755ea64111402f5601d409a3c24d7d0 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Tue, 8 Jun 2010 09:12:03 -0400
Subject: [PATCH] Remove cgroup_t usage in cgroup_admin() since it is not owned
 by the module.

---
 policy/modules/services/cgroup.if | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/policy/modules/services/cgroup.if b/policy/modules/services/cgroup.if
index 5770206e..21d29ff8 100644
--- a/policy/modules/services/cgroup.if
+++ b/policy/modules/services/cgroup.if
@@ -121,7 +121,7 @@ interface(`cgroup_admin',`
 	gen_require(`
 		type cgred_t, cgconfigparser_t, cgred_var_run_t;
 		type cgconfig_etc_t, cgconfig_initrc_exec_t, cgred_initrc_exec_t;
-		type cgred_etc_t, cgroup_t;
+		type cgred_etc_t;
 	')
 
 	allow $1 cgconfigparser_t:process { ptrace signal_perms getattr };
@@ -130,8 +130,6 @@ interface(`cgroup_admin',`
 	allow $1 cgred_t:process { ptrace signal_perms getattr };
 	read_files_pattern($1, cgred_t, cgred_t)
 
-	admin_pattern($1, cgroup_t)
-
 	admin_pattern($1, cgconfig_etc_t)
 	admin_pattern($1, cgred_etc_t)
 	files_search_etc($1)